Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file file 4.4 vulnerabilities and exploits
(subscribe to this query)
6.7
CVSSv3
CVE-2020-27777
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase...
Linux Linux Kernel
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.5
Redhat Openshift Container Platform 4.6
Redhat Openshift Container Platform 4.4
5.5
CVSSv3
CVE-2020-10781
A flaw was found in the Linux Kernel prior to 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not ac...
Linux Linux Kernel
Linux Linux Kernel 5.8.0
Debian Debian Linux 9.0
3.7
CVSSv3
CVE-2020-16166
The Linux kernel up to and including 5.7.11 allows remote malicious users to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
Linux Linux Kernel
Opensuse Leap 15.1
Opensuse Leap 15.2
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Netapp Steelstore Cloud Integrated Storage -
Netapp Active Iq Unified Manager
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Cloud Volumes Ontap Mediator -
Netapp E-series Santricity Os Controller
Netapp Hci Bootstrap Os -
Netapp Storagegrid
Netapp H410c Firmware -
Oracle Sd-wan Edge 8.2
5.5
CVSSv3
CVE-2020-15393
In the Linux kernel 4.4 up to and including 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.
Linux Linux Kernel
Debian Debian Linux 9.0
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
8.8
CVSSv3
CVE-2020-11108
The Gravity updater in Pi-hole up to and including 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data...
Pi-hole Pi-hole
2 Github repositories
5.5
CVSSv3
CVE-2020-12656
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel up to and including 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any a...
Linux Linux Kernel
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Opensuse Leap 15.1
Opensuse Leap 15.2
4.7
CVSSv3
CVE-2020-12114
A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x prior to 4.4.221, 4.9.x prior to 4.9.221, 4.14.x prior to 4.14.178, 4.19.x prior to 4.19.119, and 5.x prior to 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference ...
Linux Linux Kernel
6.9
CVSSv3
CVE-2019-11999
Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OC...
Hpe Opencall Media Platform
4.8
CVSSv3
CVE-2015-9546
An issue exists on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an e...
Google Android 4.4
9.1
CVSSv3
CVE-2017-18648
An issue exists on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 (November 2017).
Google Android 4.4
Google Android 4.4.1
Google Android 4.4.2
Google Android 4.4.3
Google Android 4.4.4
Google Android 5.0
Google Android 5.0.1
Google Android 5.0.2
Google Android 5.1
Google Android 5.1.0
Google Android 5.1.1
Google Android 6.0
Google Android 6.0.1
Google Android 7.0
Google Android 7.1.0
Google Android 7.1.1
Google Android 7.1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »